102 matches found
Design/Logic Flaw
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users...
CVE-2020-10622
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users...
CVE-2020-10622
CVE-2020-10622 affects LCDS LAquis SCADA up to version 4.3.1. The vulnerability is due to improper input validation that allows unauthorized users to create arbitrary files. It requires local access and user interaction, with a high impact on confidentiality, integrity, and availability. Remediat...
CVE-2020-10618
CVE-2020-10618 affects LCDS LAquis SCADA versions 4.3.1 and earlier. The available connected documents indicate a vulnerability that could lead to sensitive information exposure by unauthorized users. No explicit exploitation vector, attacker capabilities, or remediation steps are provided within...
LCDS LAquis SCADA Input Validation Error Vulnerability
LCDS LAquis SCADA is a SCADA Data Acquisition and Supervisory Control system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment with communication technology. An input validation error vulnerability exists in LCDS LAquis SCADA version...
LCDS LAquis SCADA LQS File Parsing
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerabilities: Out-of-bounds Read, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
CVE-2018-18994
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration...
Design/Logic Flaw
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration...
CVE-2018-18994
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds read when opening a specially crafted project file, which may cause a system crash or allow data exfiltration...
CVE-2018-18994
CVE-2018-18994 affects LCDS LAquis SCADA prior to version 4.1.0.4150, where opening a specially crafted project file can trigger an out-of-bounds read, potentially causing a system crash or data exfiltration. The vulnerability is addressed by upgrading to 4.1.0.4150 per NVD/NCCIC advisories; no e...
Code injection
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process...
CVE-2019-6536
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process...
CVE-2019-6536
CVE-2019-6536 concerns LAquis SCADA’s ELS file handling. Affected: SCADA 4.1.0.4150. Vulnerability: out-of-bounds write (CWE-787) in ELS file processing that may allow code execution in the context of the current process. Technical details across sources vary: ZDI describes remote code execution ...
CVE-2019-6536
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process...
LCDS LAquis SCADA ELS Files
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerability: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution...
CVE-2018-19002
LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash...
Code injection
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server...
CVE-2018-18998
LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges...
CVE-2018-18986
LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution...
Out-of-bounds
LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration, or remote code execution...